CSOC Cyber Security Risk Mgmt Advisor

Job summary

The postholder will advise and support on the accurate reporting of Cyber Specialist Operations Command (CSOC) strategic cyber resilience risk, driving action across the Command to manage the risk.

The postholder will support Secure-by-Design processes, implementing security early and continuously in projects, to deliver secure outcomes. This is an approach that enables a culture of proactive risk management and appropriate security consideration throughout a capabilities’ life cycle by connecting cyber security principles, roles, processes, tools, and techniques to achieve secure systems.

As part of the CSOC Chief Information Security Office Cyber Risk Management team, the postholder will report to the Cyber Risk Mgmt Lead and Cyber Risk Mgmt AH and work closely with the wider Principal Security Advisor team (PSyA) to ensure a coordinated approach to the management of cyber security within the Command.

This position is advertised at 37 hours per week.

Job description

The successful candidate would be:

1. Working with Sub-Command risk managers and risk owners to better understand their risk areas and the funded activity taking place to manage cyber risk exposure across the Command.
2. Maintain professional competence and learning and development
3. Analyse the cyber risk assessments and mitigation plans to identify common themes, gaps and make recommendations for action.
4. Provide advice and guidance to Sub-Commands on cyber security and resilience risks and issues.
5. To drive the adoption of Stream amongst the Command and Sub-Commands ensuring accurate risk reporting and escalation where required.
6. Provide and contribute to reports and briefs on cyber risk activity and risk assessments to enable seniors (all the way up to the Commander) to make informed decisions.
7. Collate the TLB quarterly returns to provide accurate reports to the Centre.
8. Lead on supporting and implementing Secure-By-Design across the Command and Sub Commands, the MOD culture of implementing security early and continuously in a project, so it delivers secure outcomes.

Person specification

Ideally, the successful candidate will have the following Essential Criteria:

1. A good understanding of cyber risk and cyber security.
2. Good technical understanding of equipment from a physical and software perspective.
3. The ability to communicate complex or technical cyber issues clearly to non‑technical stakeholders, including senior leaders
4. Good relationship-building and being a good team player

A Bachelor Degree in Computer Science, Electrical and/or Electronic Engineering, Cyber Security or associated subject OR at least 2 years relevant on the job experience to an equivalent role is required for this position.

It is desirable but NOT essential to:

1. Experience working in a cyber security role within a complex organisation or a multi-stakeholder environment (local government, national government, critical infrastructure, wider public sector, or similar).
2. A good understanding of common enterprise technologies (including cloud, networks, identify and access management) and how to evaluate their security.
3. Experience with cyberthreat intelligence models and frameworks like MITRE ATT&CK
4. Understanding of recognised Risk Management frameworks such NIST, ISO27001, NCSC’s Cyber Assessment Framework or similar.
5. CompTIA S+

Additionally other qualifications not mentioned here which hold similar weight shall be considered

Behaviours

We'll assess you against these behaviours during the selection process:

• Making Effective Decisions
• Communicating and Influencing
• Leadership
• Managing a Quality Service

We only ask for evidence of these behaviours on your application form:

• Making Effective Decisions
• Communicating and Influencing

Technical skills

We'll assess you against these technical skills during the selection process:

• Threat Understanding
• Protective security
• Applied Security Capability
• Information Risk Assessment and Risk Management

Benefits

Alongside your salary of £37,720, Ministry of Defence contributes £10,927 towards you being a member of the Civil Service Defined Benefit Pension scheme. Find out what benefits a Civil Service Pension provides.

Offered Benefits:

• 25 days paid annual leave rising (1 day per year) to 30 days upon completion of 5 years’ service
• Pension contribution: 28.97%
• Personal and professional development of skills
• Alternative working patterns for many roles
• Access to the Employee Assistance Programme (EAP), a free service that assists you with achieving a productive, healthy environment that is conducive to a healthy lifestyle
• Enhanced parental and adoption leave
• 6 days special leave per year which can be used for volunteering activities
• Learning and Development (Industry courses such as GSIF, CC, CompTIA S+ and more)

This role is eligible for London Weighting Allowance at £3,300 per annum.

Where business needs allow, some roles may be suitable for a combination of office and home-based working. This is a non-contractual arrangement where all office-based employees will be expected to spend a minimum of 60% of their working time in office, subject to capacity and any required workplace adjustments. Requirements to attend other locations for official business, or work in another MOD office, will also count towards this level of attendance. Applicants can request further information regarding how this may work in their team from the Vacancy Holder (see advert for contact details). Defence Business Services cannot respond to any questions about working arrangements.

The post does not offer relocation expenses.

External recruits who join the MOD who are new to the Civil Service will be subject to a six-month probation period.

Please Note: Expenses incurred for travel to interviews will not be reimbursed.

Please be advised that the Department is conducting a review of all pay related allowances which could impact on those allowances that the post currently being advertised attracts.

Any move to MOD from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax-Free Childcare. Determine your eligibility at https://www.childcarechoices.gov.uk/.

The Ministry of Defence is committed to providing a safe and healthy working environment for its staff which includes educating them on the benefits of not smoking, protecting them from the harmful effects of second-hand smoke and supporting those who want to give up smoking. Under the Smoke-Free Working Environment policy, Smoking and the use of all tobacco products (including combustible and chewing tobacco products) will not be permitted anywhere in the Defence working environment however some exemptions are in place, please refer to local guidance. The policy is Whole Force and includes all Defence personnel, contractors, visitors and other non-MOD personnel. All applicants seeking, considering, or accepting employment with the Ministry of Defence should be aware of this policy and that it is already in place at a number of Defence Establishments.

Things you need to know

Artificial intelligence

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action. Please see our candidate guidance (opens in a new window) for more information on appropriate and inappropriate use.

Selection process details

This vacancy is using Success Profiles (opens in a new window), and will assess your Behaviours, Experience and Technical skills.

Candidates will be required to provide CV details to include job history; qualification details and previous skills and experience.

Candidates will be required to provide a Personal Statement. (500 words max)

At sift, you will be assessed against you CV, Personal Statement the following behaviours:

• Making Effective Decisions
• Communicating and Influencing

In the event of a high number of applicants, the sift will be conducted on CV and Personal Statement only.

When choosing your Behaviour examples, please make sure you use real life scenarios that relate to your own experiences. Whilst technology may help to enhance your written submission, presenting the ideas of others or those generated by technology, could result in your application being rejected.

At interview, you will be assessed against the following Behaviours and Technical Skills:

Behaviours:

• Making Effective Decisions
• Communicating and Influencing
• Leadership
• Managing a Quality Service

Technical Skills:

• Threat Understanding
• Protective Security
• Applied Security Capability
• Information Risk Assessment and Risk Management

You can find the framework for the above technical skills here - Cyber security - UK Government Security

The Civil Service embraces diversity and promotes equality of opportunity. There is a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. If you need to advise us that you need additional help or reasonable adjustments for the recruitment process, please contact: DBSCivPers-Resourcingteam3@mod.gov.uk .

As a result of the changes to the UK immigration rules which came in to effect on 1 January 2021, the Ministry of Defence will only offer sponsorship for a skilled worker visa under the points based system, where a role has been deemed to be business critical. This role does not meet that category and we will not sponsor.

Should you apply for this role and be found to require sponsorship, your application will be rejected and any provisional offer of employment withdrawn.

The Ministry of Defence requires all candidates who are successful at interview to declare any outside interests. These declarations will be discussed with successful candidates following the interview process and before a formal offer of employment is made, as some outside interests may not be compatible with MOD civilian roles. This will not, in the majority of cases, prevent employment in MOD, but it is a measure that must be taken to ensure that appropriate mitigations can be put in place to manage any potential, perceived or actual conflicts of interest from the first day of employment.

The Ministry of Defence adopts a zero-tolerance approach to unacceptable behaviours, which includes bullying, harassment, sexual harassment, discrimination, and victimisation. You will not be eligible and will not be considered for this post if you have been dismissed from a role for such unacceptable behaviours within the last five years. This will also apply if you resign or otherwise leave a role but, because of an adverse decision, would have been dismissed for gross misconduct had you continued in that employment. Pre-employment checks will be carried out.

Cyber & Specialist Operations Command (CSOC) generates and operates specialist capabilities, ready to fight across all domains to make the UK secure at home and strong abroad.

Always on, we are across every UK operation, delivering the capabilities you don’t usually see - or those you can’t.

From cyber warriors and medics to intelligence analysts, special forces, educators, and Defence attachés, our collective expertise delivers the warfighting edge Defence needs to deter threats and secure the nation today and prepare for tomorrow.

CSOC unites Defence’s cyber and specialist capabilities under a single, military command alongside the Royal Navy, British Army, and the Royal Air Force - acting as the UK’s fourth Military Command. For more information, please see here.’

Cyber and Specialist Operations Command (CSOC) is going through a significant transformation programme which aims to design the way in which the new Military Command conducts its business and delivers for Defence and the nation. As a consequence of this, posts within CSOC are/or may become subject to review and potential changes as we continuously improve across the period of the transformation programme. These changes may be minor or could be more substantive and will generate new opportunities. Throughout, the Command’s transformation programme is committed to following the MOD’s framework on managing and supporting people through the change process and places an emphasis on early and open consultation and engagement with the Command’s personnel and Trade Unions.

Feedback will only be provided if you attend an interview or assessment.

Security

Successful candidates must undergo a criminal record check.Successful candidates must meet the security requirements before they can be appointed. The level of security needed is developed vetting (opens in a new window).

See our vetting charter (opens in a new window).People working with government assets must complete baseline personnel security standard (opens in new window) checks.

Nationality requirements

Open to UK nationals only.

Working for the Civil Service

The Civil Service Code (opens in a new window) sets out the standards of behaviour expected of civil servants.

We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's recruitment principles (opens in a new window).The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria.The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy.

Diversity and Inclusion

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see theCivil Service People Plan (opens in a new window) and the Civil Service Diversity and Inclusion Strategy (opens in a new window).

Apply and further information

This vacancy is part of the Great Place to Work for Veterans (opens in a new window) initiative.Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records.

Contact point for applicants

Job contact :

• Name : Cyber Risk Management Team
• Email : ukstratcom-cyber-risk-team@mod.gov.uk

Recruitment team

• Email : DBSCivPers-ResourcingTeam3@mod.gov.uk

Further information

Please ensure you read the attached candidate information document prior to completing your application. If you are dissatisfied with the service you have received from DBS, or believe that DBS has failed to follow the recruitment process in line with the Civil Service Commission principles of selection for appointment on merit on the basis of Fair and Open competition, you can raise a formal complaint by writing to DBS at the following address: Defence Business Services, Scanning Hub, Room 6124, Tomlinson House, Norcross Lane, Blackpool, FY5 3WP. If after raising your complaint with DBS you remain dissatisfied you can complain directly to the Civil Service Commission at the following address: Civil Service commission, Room G/8, 1 Horse Guards Road, London, SW1A 2HQ Or by email: info@csc.gov.uk.

Attachments

CSOC Candidate Pack 2025 Opens in new window (pdf, 1777kB)Candidate Information Opens in new window (docx, 32kB)Defence Civil Service Offer Opens in new window (pdf, 1562kB)Defence Internal Brief notice Opens in new window (docx, 43kB)